P3P Headers


Morten Munkholm

May 23, 2012, 11:59:42 AM
to simpleSAMLphp
Hi,

I need to login from an iframe. In that case I need to make sure that
all files loaded in simplesamlphp carries the following header:

header("p3p: CP=\"CAO PSA OUR\"");

How do I set that up in simplesamlphp?

Kind regards,

Morten

Ian Webb

May 23, 2012, 8:42:54 PM
to simple...@googlegroups.com
Hi Morten,

The simplest way would be to use the Apache "header set" directive, in
the appropriate Apache config file. For example:

<Location /simplesaml>
  Header set p3p "CP=\"CAO PSA OUR\""
</Location>

Cheers,
Ian

Morten Munkholm

May 25, 2012, 7:43:39 AM
to simpleSAMLphp
Hi Ian,

Thank you for the quick answer!

Unfortunately I am not able to edit my apache config file as the site
is on a shared host.
I have access to the PHP ini and also have the possibility to
use .htaccess.

I tried both the methods above but with no luck.

My setup is like this:
simpleSAMLphp is located in root/simplesamlphp/
the www folder is located in root/public_html/simplesaml

I have edited the required files to make that setup work.
I have also put the following in htaccess files in the above two
folders and in root/public_html/:

Header set P3P "CP=\"CAO PSA OUR\""

The current configuration works in Chrome and Firefox but does not
work in Internet Explorer due to the missing headers (I think).

Any suggestions?
Thank you in advance!

Regards

Morten Munkholm

May 25, 2012, 7:51:36 AM
to simple...@googlegroups.com
Also worth mentioning is that the current error I get is:

"State information lost"

and this is the page loaded in the iframe, that throws that error:

/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp

Regards,
Morten

Olav Morken

May 25, 2012, 8:43:19 AM
to simple...@googlegroups.com
On Fri, May 25, 2012 at 04:43:39 -0700, Morten Munkholm wrote:
> Hi Ian,
>
> Thank you for the quick answer!
>
> Unfortunately I am not able to edit my apache config file as the site
> is on a shared host.
> I have access to the PHP ini and also have the possibility to
> use .htaccess.
>
> I tried both the methods above but with no luck.
>
> My setup is like this:
> simpleSAMLphp is located in root/simplesamlphp/
> the www folder is located in root/public_html/simplesaml
>
> I have edited the required files to make that setup work.
> I have also put the following in htaccess files in the above two
> folders and in root/public_html/:
>
> Header set P3P "CP=\"CAO PSA OUR\""
>
> The current configuration works in Chrome and Firefox but does not
> work in Internet Explorer due to the missing headers (I think).
>
> Any suggestions?

Make sure that the line works. Maybe your web server isn't configured
to load .htaccess-files?

A simple way is to look at the headers your browser receives through
some of the web development tools available for the various browsers.

Best regards,
Olav Morken
UNINETT / Feide

Olav Morken

May 25, 2012, 8:44:03 AM
to simple...@googlegroups.com
On Fri, May 25, 2012 at 04:51:36 -0700, Morten Munkholm wrote:
> Also worth mentioning is that the current error I get is:
>
> "State information lost"
>
> and this is the page loaded in the iframe, that throws that error:
>
> /simplesaml/module.php/saml/sp/saml2-acs.php/default-sp

One thing that you should check is that you do not get that error when
testing authentication outside of the iframe.

Morten Munkholm

May 25, 2012, 9:20:28 AM
to simple...@googlegroups.com
Hi,

Setting header through htaccess didn't do the trick.

I ended up putting "header('P3P: CP="CAO PSA OUR"');" in module.php and in the file loaded into the iframe.

That solved my problem.

Agreed, it's not the prettiest solution, but it solves the issue :)

Thank you for your inputs!!

Regards,
Morten

Ron Teitelbaum

Jul 17, 2012, 1:07:14 PM
to simple...@googlegroups.com

Hi Anthony,

Still trying to figure it out but it appears that it says

http://compactprivacypolicy.org/compact_specification.htm

"CAO"        | ; for <contact-and-other/>
"PSA" [creq] | ; for <pseudo-analysis/>
"OUR"        | ; for <ours/>

So it may mean contractor information is used for you (the contact) and someone else, for pseudo-analysis, used by contact.

Interesting.  Thanks for pointing it out.

All the best,

Ron Teitelbaum

From: simple...@googlegroups.com [mailto:simple...@googlegroups.com] On Behalf Of Anthony Linsday
Sent: Tuesday, July 17, 2012 12:02 PM
To: simple...@googlegroups.com
Subject: Re: P3P Headers

 

AWESOME! AWESOME! AWESOME!!!!!!

I was having the same problem with the "cookies disabled" error with IE8 and IE9, but Firefox, Chrome, and Waterfox all worked fine.
We're setting up an IdP for the NBC 2012 Olympics and they had our login page in an iframe.
I added the p3p header to the apache config, reloaded the server and it instantly started working!

Can somebody explain what the options mean though?



<Location /simplesaml>
    Header set p3p "CP=\"CAO PSA OUR\""
</Location>

Thanks for the help!
Anthony
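
Added example, not part of the thread or of simpleSAMLphp: a small Python check that does what Olav suggests (inspect the headers a response actually carries) and decodes the `CP` tokens asked about above. The sample responses are constructed, `/example-framed-page.php` is a hypothetical path, and the token table covers only the three tokens quoted in this thread, with category names and `creq` meanings taken from the P3P 1.0 specification.

```python
import re

# Only the three tokens discussed in this thread. Element names are the ones
# quoted from the compact-policy grammar; category labels follow P3P 1.0.
TOKENS = {
    "CAO": ("access", "contact-and-other"),
    "PSA": ("purpose", "pseudo-analysis"),
    "OUR": ("recipient", "ours"),
}
# Optional [creq] suffix shown in the grammar for PSA (P3P 1.0 meanings).
CREQ = {"a": "always", "i": "opt-in", "o": "opt-out"}

def p3p_header(raw_response):
    """Return the P3P header value from a raw HTTP response, or None."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "p3p":  # names are case-insensitive
            return value.strip()
    return None

def decode_cp(header_value):
    """Decode CP="..." into (token, category, element, creq) tuples."""
    m = re.search(r'CP\s*=\s*"([^"]*)"', header_value, re.IGNORECASE)
    if not m:
        return []
    out = []
    for tok in m.group(1).split():
        base, suffix = tok[:3].upper(), tok[3:].lower()
        category, element = TOKENS.get(base, ("unknown", None))
        out.append((base, category, element, CREQ.get(suffix)))
    return out

def missing_p3p(responses):
    """Return the paths whose response carries no P3P header."""
    return [p for p, raw in responses.items() if p3p_header(raw) is None]

# Constructed sample responses (not captured from a real server).
ACS = "/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp"
FRAMED = "/example-framed-page.php"  # hypothetical path for the framed page
SAMPLES = {
    ACS: 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\np3p: CP="CAO PSA OUR"\r\n\r\n<html>',
    FRAMED: "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>",
}

if __name__ == "__main__":
    print("missing P3P:", missing_p3p(SAMPLES))
    for row in decode_cp(p3p_header(SAMPLES[ACS])):
        print(row)
```

Feeding it the response headers saved from the browser's developer tools for each page in the login flow shows which of them the `.htaccess` or Apache directive did not reach.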
